General
-
Target
7c326811746befd66fc12c4bca2a3d68.exe
-
Size
1.3MB
-
Sample
220806-h2mzfsbhgm
-
MD5
7c326811746befd66fc12c4bca2a3d68
-
SHA1
a3032195ceb673f1daadb6e01fbea7000b20d448
-
SHA256
bb5633400a6f91cf6a91defa1f1c683d7edef1d54d700369b7bfaa37d571e623
-
SHA512
b12d8b4ac89270fac834bfd7e92ed39bb5edd2958f5cc49788e95333629ec4861b1c0b05fc22b708eca40aef4e73440d2fc4754464e271fad6fa1a709dbdccca
Malware Config
Extracted
redline
top1
pemararslava.xyz:80
-
auth_value
e3ff30d1ffe0ffdb11211b351a0179a1
Targets
-
-
Target
7c326811746befd66fc12c4bca2a3d68.exe
-
Size
1.3MB
-
MD5
7c326811746befd66fc12c4bca2a3d68
-
SHA1
a3032195ceb673f1daadb6e01fbea7000b20d448
-
SHA256
bb5633400a6f91cf6a91defa1f1c683d7edef1d54d700369b7bfaa37d571e623
-
SHA512
b12d8b4ac89270fac834bfd7e92ed39bb5edd2958f5cc49788e95333629ec4861b1c0b05fc22b708eca40aef4e73440d2fc4754464e271fad6fa1a709dbdccca
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-